I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

  • PuppyOSAndCoffee@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Bruh

    a vpn can totally MiM if they force you to use their cert.

    upstream server ssl <-> vpn client ssl <-> vpn MiM <-> vpn server ssl <-> you

    Even with no MiM, VPN is going to know where you are going and how long you are there, and any unencrypted comms (UDP / torrent, funky http URL) are just … there.

    I would assume consumer “privacy” VPN traffic is easily monitored by state agencies since there are fixed points of entry & egress?

    Any corporate VPN worth its salt is totally MiM all traffic; usually spells it out in the sales brochure.